Level 3

Beantwoord

how does aem prevents sql injection?

Forum|Forum|3 years ago
April 27, 2022
5 reacties
3644 Bekeken

Er kunnen geen reacties meer worden geplaatst op dit onderwerp.

Beste antwoord door BrianKasingli

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

Bhuwan_B

Community Advisor

@shikhasoni1 Please refer to below Community URL to get understanding of AEM Security Best Practices:

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-security-best-practices-awakening-to-the-need-for-better/td-p/449600

Anish-Sinha

Adobe Employee

refer this for the techniques to prevent sql injections - https://labs.tadigital.com/index.php/2018/11/05/sql-injections-overview-and-prevention-techniques/

arunpatidar

Community Advisor

Please note that JCR SQL injections != RDBMS SQL injections. SQL in JCR is strictly read-only. As far as it is possible to manipulate a query the only risk is information leakage. No data can be manipulated as is the case with RDBMSes.

Arun Patidar

sourcedcode

Level 2

.

BrianKasingli

Antwoord

Community Advisor and Adobe Champion

You should be fine, using JCR_SQL2 is read only which means that you can only use the "SELECT" keyword.

maryani

Level 2

Hi

How can we prevent blind XPath injection for an AEM page??

Thanks

K

KiranVe1

I have got a similar vulnerbility in our latest report. Did you find any solution for this?

Meld je aan

Inloggen met sociaal netwerk

Welkom

Inloggen met sociaal netwerk

Bestand scannen voor virussen

Dit bestand kan niet worden gedownload